Security By Obscurity Doesn't Stop The Negative Day Exploits
from the just-saying... dept
This would be the latest in our ongoing series of stories about how the standard way of dealing with security problems doesn't really work any more. It relies on a system of discovering the vulnerability, figuring out how to stop it, and then distributing a patch widely. That works for incredibly slow moving malware -- but, if you hadn't noticed, malware is learning how to spread ever faster. For years people have warned that this was going to lead to "zero-day attacks" where exploits are propagating before anyone has the chance to patch. That's already started happening in many cases, and it demonstrates, again, why the "security by obscurity" argument some companies make, saying that everyone needs to stay quiet until they've patched their systems, is bogus. For example, the WMF exploit that got so much attention last month apparently was available on the black market for nearly a month before security firms started discussing it. In other words, any company that thinks keeping a security exploit quiet to prevent those with malicious intent from figuring it out are probably fooling themselves. Those with malicious intent already probably have it figured out.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Did you miss the Elves in huge costumes broken int
You are a dark elf. You do love, but if anyone
found out, they'd be toast. You are not evil,
but you like people to think you are!
What elf are you? *sweet anime pic*
brought to you by Quizilla
[ link to this | view in chronology ]